Security News > 2021 > September > Microsoft patches actively exploited MSHTML zero-day RCE (CVE-2021-40444)

Microsoft patches actively exploited MSHTML zero-day RCE (CVE-2021-40444)
2021-09-14 18:47

On September 2021 Patch Tuesday, Microsoft has fixed 66 CVE-numbered vulnerabilities in a wide variety of its solutions.

Of these, the most crucial to address is CVE-2021-40444, the remote code execution MSHTML vulnerability actively exploited by attackers via malicious MS Office documents.

"Several people have not only crafted functional proof-of-concept exploits, but a few have created and published 'builder' tools that anyone can use to weaponize an Office document. The original version of the exploit used Microsoft Word.docx documents, but we've already spotted some versions that use.rtf file extensions."

Dustin Childs, with Trend Micro's Zero Day Initiative, singled out CVE-2021-36965 and CVE-2021-38647 as worthy of note.

CVE-2021-36965 is an RCE in the Windows WLAN AutoConfig Service that could be exploited by network-adjacent attackers.

There is also CVE-2021-36968, a Windows DNS Elevation of Privilege vulnerability that is publicly known, though not actively exploited.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/j02rIori0KA/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2021-40444 Path Traversal vulnerability in Microsoft products
<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows.
network
low complexity
microsoft CWE-22
8.8
2021-09-15 CVE-2021-38647 Improper Authentication vulnerability in Microsoft products
Open Management Infrastructure Remote Code Execution Vulnerability
network
low complexity
microsoft CWE-287
critical
9.8
2021-09-15 CVE-2021-36968 Improper Privilege Management vulnerability in Microsoft Windows 7 and Windows Server 2008
Windows DNS Elevation of Privilege Vulnerability
local
low complexity
microsoft CWE-269
7.8
2021-09-15 CVE-2021-36965 Unspecified vulnerability in Microsoft products
Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
low complexity
microsoft
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 701 841 4687 4342 3722 13592